The Desktop Services Store (DS_Store) as you probably already know, is a file that stores some metadata about the files in a directory in the OS X. I’ve taken a look at them, they seem pretty harmless, but in the realm of PCI Compliance they are a medium risk because they can reveal the directory structure (which could very well be innocuous depending on the site). Like most of the PCI Compliancy challenges I’ve faced, it’s a pretty simple fix:


<Files "^\.">
    Order deny,allow
    Deny from all


location ~ /\.
    deny all;

Note, the above examples will deny access to all hidden files (.htaccess, .DS_Store, et cetera)

Did you enjoy this post?

Cool if I slip into your inbox with more?
Full posts, 1-2 times per week: